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DETAILED ACTION 

1 . This action is response to communication: response to original application 
received 11/21/2003. 

2. Claims 1-33 are current pending in this application. Claims 1 , 20, 23, and 30 are 
independent claims. 

3. No IDS has been received for this application. 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 23-30 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

As per claims 23-33, the claims recite a machine-accessible medium. However, 
in the applicant's publication, in paragraph 70, the definition of a machine-accessible 
medium includes propagated signals such as carrier waves and infrared waves. 
Signals such as these are directed toward non-statutory subject matter. 

Claim Rejections - 35 USC §112 

6. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 
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7. Claims 1-33 rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

As per all the claims, the claims recite determining the states of the stream of 
packets. In addition, the independent claims recite that current states and destination 
states of the packet streams are determined. It is unclear what a 'state' of a packet 
stream is. The metes and bounds of the term are unclear, as the term 'state' is so 
broad it may encompass any aspect of packet transmissions. In a communication 
system, streams of packets go through many different 'states.' States such as the 
protocol the packets belong to, the location of the stream, and much more may be 
considered states of a stream/flow. The applicant is advised to clearly describe what a 
state of a flow refers to, as it is unclear what the bounds are of the claimed limitation. 

Further, the claims recite determining whether a rules table exists for the 
protocol. It is unclear what would happen if no rule table exist. If no rule table exists, 
non of the following steps will be active, and the method/system would just be directed 
to identifying the protocol and flow of the packet. Identifying the protocol and flow of the 
packet without doing anything about it would lead to a non useful tangible result, and 
would bring upon a 101 rejection. 

As per claims 7-9, claim 7 recites determining whether the flow causes a skip 
count to be reached. It is unclear how or when a skip count will be reached. Is the skip 
count reached when it hits a threshold value, or is the skip count reached every time the 
counter increments? 
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Also, as per claim 7, it is unclear what it means to "skip the flow." The metes and 
bounds of the term 'skip' are unclear as it is not understood what action occurs when a 
flow is skipped. 

As per claim 11-12, the claim recites that hashing functions are performed 
according to a number related to a skip count. It is unclear whether the hashing 
functions are performed to the skip count itself, or a number that is merely 
related/associated with the count. Also, it is unclear what a skip count is, and how a 
value is supposed to be hashed in accordance with this skip count. 

As per claim 14, the claim recites performing an operation using the current state 
and combined source states indicated in a state-transition rule. It is unclear what this 
operation consists of, and the metes and bounds of the term are unclear. 

As per claim 17, the claim recites evicting the match entry flow entry. It is not 
clear what evicting an entry on a table consists of. 

Claim 22 is rejected using the same basis of arguments used to reject claim 14 

above. 

Claims 24-26 is rejected using the same basis of arguments used to reject claim 
7-9 above. 

It is noted that there are many 112 rejections throughout the reference. The 
claims will be examined as best understood by the Examiner, and the references may 
be reconsidered once the claimed invention is made more clear. 



Claim Rejections - 35 USC § 103 
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8. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1, 2, 10, 13, 14, 16, 17, 20-23, 27, 28, and 30-32 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Pandya US Patent Application Publication 
2004/0010545 (hereinafter Pandya), and in view of Sekar US Patent Application 
Publication 2004/0098617 (hereinafter Sekar). 

As per claim 1 , Pandya teaches a method for filtering packets, wherein a flow 
corresponds to a stream of packets for a particular communication session, comprising: 
identifying a protocol used to transmit a packet (paragraph 117); identifying the flow to 
which the packet belongs (117 and 134); and determining whether a rules table exists 
for the protocol (paragraph 1 17 and 128). However, Pandya does not teach all the 
limitations of the claims. However, these limitations are taught by Sekar. Sekar 
teaches determining whether a state of the flow will transition from a current state 
indicated in the matching flow entry to a valid destination state, and discarding the 
packet if the state of the flow will not transition to the valid destination state (paragraph 
75). Although Sekar does not explicitly teach the use of state tables, Sekar teaches 
throughout the reference of managing the states and transitions of the flow. Further, 
Pandya teaches the use of utilizing rules and actions set up in a variety of tables 
(paragraph 117). 
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At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the teachings of Pandya with Sekar. One of ordinary skill in the art 
would have been motivated to include such additions to increase security by including 
network intrusion detection that will be effective in detecting novel attacks and to 
prevent false alarms. (Sekar paragraphs 12-13). 

As per claim 2, Sahita and Sekar teach throughout the reference the use of state 
machines (a state machine is finite) (see Sekar throughout the reference, such as 
abstract; also see Padya throughout reference, such as paragraph 119). Also, as 
taught by Sahita in paragraphs 117, the protocols are capable of being defined. 

As per claim 10, Pandya teaches performing a hashing function based, at least in 
part, on values in the packet (paragraphs 119, 134); determining whether a flow entry 
matches a result of the hashing function (paragraph 134); determining, if the flow entry 
matches the result, whether the packet values hashed to generate the result match 
values used to generate the flow entry (paragraphs 1 1 9, 1 27, 1 34); and determinig, if 
the packet values match the values used to generate the flow entry, that the flow entry 
is in the matching flow entry (paragraphs 119, 127, 134, and throughout the reference). 

As per claim 13, the claim limitations are taught throughout the Pandya 
reference, such as in paragraphs 117 and 119. These sections teach identifying, if the 
state table fails to include the matching flow entry, a set of one or more state-transition 
rules having an indication to create an additional flow entry (paragraph 1 17 and 119); 
determining whether the packet includes a transition pattern indicated in a state- 
transition rule in the set, wherein the transition pattern indicates that the additional flow 
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entry is to be created (paragraphs 117 and 119); creating the additional flow entry if the 
packet includes the transition pattern (paragraphs 117 and 119); and discarding the 
packet, if the packet fails to include the transition pattern (Sekar paragraph 75). 

As per claim 14, Pandya teaches performing an operation using the current state 
and combined source states indicated in a state-transition rule (paragraphs 117, 119, 
121, and also Sekar paragraph 75); determining whether the current state matches a 
result of the operation (Sekar paragraph 75 and Pandya paragraphs 117, 119, 121, 123 
and 128); determining, if the current state matches the result of the operation, that eh 
combined source states include the current state (paragraph 120-125); determining, as 
a result of the combined source states including the current state, whether the packet 
includes a transition pattern indicated in the state-transition rule (paragraphs 117, 119, 
127, 134 and Sedkar paragraph 75); and determining if the packet includes the 
transition pattern, that the state of the flow will transition from the current state to the 
valid destination state in the transition rule in the set (Sedkar paragraph 75). 

As per claim 16, Pandya teaches the limitations of the claims throughout the 
reference, such as in paragraphs 117, 119, 121, and 123, and also in Sedkar such as in 
paragraph 75. 

As per claim 17, Pandya teaches determinig whether the source state-destination 
pair includes an evict indication, and evicting the matching flow entry if the source state- 
destination state pair includes the evict indication (paragraph 75 of Sedkar and Pandya 
paragraph 128). 
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Claim 20 is rejected using the same basis of arguments used to reject claim 1 

above. 

Claim 21 is rejected using the same basis of arguments used to reject claim 10 

above. 

Claim 22 is rejected using the same basis of arguments used to reject claim 14 

above. 

Claim 23 is rejected using the same basis of arguments used to reject claim 1 

above. 

Claim 27 is rejected using the same basis of arguments used to reject claim 10 

above. 

Claim 28 is rejected using the same basis of arguments used to reject claim 13 

above. 

Claim 30 is rejected using the same basis of arguments used to reject claim 1 
above. Network interface adapters are essential to the systems taught by Pandya and 
Sedkar. 

Claim 31 is rejected using the same basis of arguments used to reject claim 10 

above. 

Claim 32 is rejected using the same basis of arguments used to reject claim 13 

above. 
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10. Claims 3-6 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Pandya and Sekar as applied above, and further in view of Syvanne et al. US Patent 
Application Publication 2002/0112189 (hereinafter Syvanne). 

As per claim 3, Sekar teaches use of different protocols, such as the hypertext 
transfer protocol (such as in paragraph 32). For more information regarding different 
protocols regarding state-based transition, see Syvanne throughout the reference, such 
as in paragraphs 80-81. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to combine the Pandya combination with the Syvanne reference. One of 
ordinary skill in the art would have been motivated to perform such an addition to 
present a flexible and reliable synchronization of state information between 
communication nodes (paragraph 19 of Syvanne). 

As per claim 4, Syvanne teaches discarding the packet if no rules table exists for 
the protocol (paragraph 7). 

As per claim 5, Syvanne teaches transmitting the packet if no rules table exists 
for the protocol (paragraph 9). Also, this would have been obvious, if not inherent. If no 
rules exists for a communication system, any type of packet would be permitted to flow 
into a system. 

As per claim 6, Sekar teaches transmitting the packet if the flow will transition to 
the valid destination state (paragraphs 31-32, 39, and throughout the reference. 



Application/Control Number: 10/718,843 Page 10 

Art Unit: 2134 

1 1 . Claims 7-9. 1 8, 1 9, and 24-26 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Pandya and Sekar as applied above, and further in view of Ferguson 
et al. US Patent No. 6,798,777 (hereinafter Ferguson). 

As per claim 7, as best understood by the Examiner, all the limitations are not 
explicitly taught by the Pandya combination. However, these limitations are taught 
throughout Ferguson, such as in col. 28 lines 20-55. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to incorporate the teachings of Ferguson with the Pandya combination. One of 
ordinary skill in the art would have been motivated to perform such an addition to enable 
advanced filtering and policing to operations without incurring expensive increases in 
the memory requirements of the system due to the extra time required to perform the 
extra operations, (col. 2 lines 15-25). 

As per claim 8, Ferguson teaches determining that a number of actual flows fails 
to exceed a preset threshold of flows, and examining flows based on the skip count, as 
a result of the number of actual flows failing to exceed the preset threshold (col. 28 lines 
20-55). 

As per claim 9, Ferguson teaches determining that a number of actual flows 
exceeds a preset threshold of flows; determining a number of preset steps by which the 
number of actual flows exceeds the preset threshold; multiplying the number of preset 
steps by a preset ski-count modifier, and changing the skip count to a different skip 
count equal to the product of the preset number of steps and the preset skip-count 
modifier (col. 28 lines 20-55). 
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As per claim 18, Sedkar teaches discarding the packet, if the packet fails to 
include the transition pattern included in a plurality of state-transition rules whose 
combined source states include the current state (paragraph 75 also Ferguson col. 28 
lines 20-55). 

As per claim 19, Sedkar teaches determining whether the packet causes a 
predetermined number of packets associated with invalid transitions to be reached, and 
discarding the packet, if the packet causes the predetermined number to be reached 
(paragraph 75 also Ferguson col. 28 lines 20-55). 

Claims 24-26 is rejected using the same basis of arguments used to reject claim 
7-9 above. 

12. Claims 11 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Pandya Sekar, and Ferguson as applied above, and further in view of Craig et al. 
US Patent Application Publication 2003/0053448 (hereinafter Craig). 

As per claim 1 1 , Ferguson and Pandya teaches these limitations, such as in col. 
28 lines 20-55 of Ferguson and paragraphs 119, 127, 134 of Pandya. Further, Craig 
teaches in more details relating to hashing functions and skipping, Such as in paragraph 
73. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include the teachings of Craig with the Pandya combination. One of ordinary 
skill in the art would have been motivated to perform such an addition to increase the 
speed and efficiency of the system, (paragraph 15 of Craig). 
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As per claim 12, Ferguson and Pandya teaches these limitations, such as in col. 
28 lines 20-55 of Ferguson and paragraphs 119, 127, 134 of Pandya. Also see Crag 
paragraph 73. 

1 3. Claims 1 5, 29, and 33 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Pandya and Sekar as applied above, and further in view of 
Lakshman et al. US Patent No. 6,289,013 (hereinafter Lakshman). 

As per claim 15, The Pandya combination does not explicitly teach using an AND 
operation. However, this would have been obvious, as indicated by Lakshman, in col. 7 
lines 35-60. 

At the time of the invention, it would have been obvious to one of ordinary skill in 
the art to include operations such as AND in packet filtering. One of ordinary skill in the 
art would have been motivated to perform such an addition to increase the speed and 
efficiency of time of packet filtering, as described in col. 3 lines 45 to col. 4 line 10 of 
Lakshman. 

Claim 29 is rejected using the same basis of arguments used to reject claims 14 
and 15 above. 

Claim 33 is rejected using the same basis of arguments used to reject claim 29 

above. 



Conclusion 
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14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jason K. Gee whose telephone number is (571) 272- 
6431 . The examiner can normally be reached on M-F, 7:00 am to 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571 ) 272-381 1 . The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Jason Gee 
Patent Examiner 
Technology Center 2100 
06/19/2008 



/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2134 



